Docker Community Forums

Docker bridge custom selinux


(Choman) #1

So there are two questions I have in regards to the docker bridge and security.

NOTE: I tried looking at macvlan, which ironically specifies an interface, but I was still able to
send traffic on the second NIC. But it’s possible I didn’t do everything I needed to do. So I
thought I would research a different avenue with the bridge.

  • I’d like to tear down the docker bridge and set up my own bridge bound to one NIC?
  • I would then like to set up a second bridge bound to a different NIC?

Essentially I would like to completely isolate a container to an interface. I would like to achieve this
with native docker and linux. But the system that I am on will also employ selinux and svirt. iptables
is also there, and we’re dealing with labeled interfaces thanks to selinux. So many avenues available.

Current Target OS is CentOS 7.4

Can anyone walk me through this and/or point me in the right direction?

Thanks in advance


(Choman) #2

I’ve got the macvlan doing what I would like, but the macvlan only appears to work on a physical machine and not in a VM. Any ideas?